关于安卓的外文翻译.docx
《关于安卓的外文翻译.docx》由会员分享,可在线阅读,更多相关《关于安卓的外文翻译.docx(31页珍藏版)》请在冰豆网上搜索。
关于安卓的外文翻译
Understandandroidsecurity
Thenextgenerationofopenoperatingsystemswon’tbeondesktopsormainframesbutonthesmallmobiledeviceswecarryeveryday.Theopennessofthesenewenvironmentswillleadtonewapplicationsandmarketsandwillenablegreaterintegrationwithexistingonlineservices.
However,astheimportanceofthedataandservicesourcellphonessupportincreases,sotoodotheopportunitiesforvulnerability.It’sessentialthatthisnextgenerationofplatformsprovideacomprehensiveandusablesecurityinfrastructure.DevelopedbytheOpenHandsetAlliance(visiblyledbyGoogle),Androidisawidelyanticipatedopensourceoperatingsystemformobiledevicesthatprovidesabaseoperatingsystem,anapplicationmiddlewarelayer,aJavasoftwaredevelopmentkit(SDK),andacollectionofsystemapplications.AlthoughtheAndroidSDKhasbeenavailablesincelate2007,thefrstpubliclyavailableAndroid-ready“G1”phonedebutedinlateOctober2008.Sincethen,Android’sgrowthhasbeenphenomenal:
TMobile’sG1manufacturerHTCestimatesshipmentvolumesofmorethan1millionphonesbytheendof2008,andindustryinsidersexpectpublicadoptiontoincreasesteeplyin2009.Manyothercellphoneprovidershaveeitherpromisedorplantosupportitinthenearfuture.
AlargecommunityofdevelopershasorganizedaroundAndroid,andmanynewproductsandapplicationsarenowavailableforit.OneofAndroid’schiefsellingpointsisthatitletsdevelopersseamlesslyextendonlineservicestophones.Themostvisibleexampleofthisfeatureis—unsurprisingly—thetightintegrationofGoogle’sGmail,Calendar,andContactsWebapplicationswithsystemutilities.Androiduserssimplysupplyausernameandpassword,andtheirphonesautomaticallysynchronizewithGoogleservices.Othervendorsarerapidlyadaptingtheirexistinginstantmessaging,socialnetworks,andgamingservicestoAndroid,andmanyenterprisesarelookingforwaystointegratetheirowninternaloperations(suchasinventorymanagement,purchasing,receiving,andsoforth)intoitaswell.Traditionaldesktopandserveroperatingsystemshavestruggledtosecurelyintegratesuchpersonalandbusinessapplicationsandservicesonasingleplatform;althoughdoingsoonamobileplatformsuchasAndroidremainsnontrivial,manyresearchershopeitprovidesacleanslatedevoidofthecomplicationsthatlegacysoftwarecancause.Androiddoesn’tofciallysupportapplicationselopedforotherplatforms:
applicationsexecuteontopofaJavamiddlewarelayerrunningonanembeddedLinuxkernel,sodeveloperswishingtoporttheirapplicationtoAndroidmustuseitscustomuserinterfaceenvironment.Additionally,AndroidrestrictsapplicationinteractiontoitsspecialAPIsbyrunningeachapplicationasitsownuseridentity.Althoughthiscontrolledinteractionhasseveralbeneficialsecurityfeatures,ourexperiencesdevelopingAndroidapplicationshaverevealedthatdesigningsecureforward.Androidusesasimplepermissionlabelassignmentmodeltorestrictaccesstoresourcesandotherapplications,butforreasonsofnecessityandconvenience,itsdesignershaveaddedseveralpotentiallyconfusingrefinementsasthesystemhasevolved.ThisarticleattemptstounmaskthecomplexityofAndroidsecurityandnotesomepossibledevelopmentpitfallsthatoccurwhendefininganapplication’ssecurity.Weconcludebyattemptingtodrawsomelessonsandidentifyopportunitiesforfutureenhancementsthatshouldaidinclarityandcorrectness.AndroidApplicationsTheAndroidapplicationframeworkforcesastructureondevelopers.Itdoesnothaveamain()functionorsingleentrypointforexecution—instead,developersmustdesignapplicationsintermsofcomponents.ExampleApplication.
WedevelopedapairofapplicationstohelpdescribehowAndroidapplicationsoperate.Interestedreaderscandownloadthesourcecodefromourwebsitepttp:
//siis.cse.psu.edu/android_sec_tutorial.html).
Let’sconsideralocation-sensitivesocialnetworkingapplicationformobilephonesinwhichuserscandiscovertheirfriends’locations.Wesplitthefunctionalityintotwoapplications:
onefortrackingfriendsandoneforviewingthem.AsFigure1shows,theFriendTrackerapplicationconsistsofcomponentsspecifctotrackingfriendlocations(forexample,viaaWebservice),storinggeographiccoordinates,andsharingthosecoordinateswithotherapplications.TheuserthenusestheFriendViewerapplicationtoretrievethestoredgeographiccoordinatesandviewfriendsonamap.Bothapplicationscontainmultiplecomponentsforperformingtheirrespectivetasks;thecomponentsthemselvesareclassifedbytheircomponenttypes.AnAndroiddeveloperchoosesfrompredefnedcomponenttypesdependingonthecomponent’spurpose(suchasinterfacingwithauserorstoringdata).ComponentTypesAndroiddefnesfourcomponenttypes:
Activity•componentsdefneanapplication’suserinterface.Typically,anapplicationdeveloperdefnesoneactivityper“screen.”Activitiesstarteachother,possiblypassingandreturningvalues.Onlyoneactivityonthesystemhaskeyboardandocessingfocusatatime;allothersaresuspended.Servicecomponentsperformbackgroundprocessing.Whenanactivityneedstoperformsomeoperationthatmustcontinueaftertheuserinterfacedisappears(suchasdownloadafleorplaymusic),itcommonlystartsaservicespecifcallydesignedforthataction.Thedevelopercanalsouseservicesasapplication-specifcdaemons,possiblystartingonboot.ServicesoftendefineaninterfaceforRemoteProcedureCall(RPC)thatothersystemcomponentscanusetosendcommandsandretrievedata,aswellasregistercallbacks.Contentprovidercomponentsstoreandsharedatausingarelationaldatabaseinterface.Eachcontentproviderhasanassociated“authority”describingthecontentitcontains.OthercomponentsusetheauthoritynameasahandletoperformSQLqueries(suchasSELECT,INSERT,orDELETE)toreadandwritecontent.Althoughcontentproviderstypicallystorevaluesindatabaserecords,dataretrievalisimplementation-specifc—forexample,flesarealsosharedthroughcontentproviderinterfaces.Broadcastreceivercomponentsactasmailboxesformessagesfromotherapplications.Commonly,applicationcodebroadcastsmessagestoanimplicitdestination.Broadcastreceiversthussub-scribetosuchdestinationstoreceivethemessagessenttoit.Applicationcodecanalsoaddressabroadcastreceiverexplicitlybyincludingthenamespaceassignedtoitscontainingapplication.
Figure1showstheFriendTrack-erandFriendViewerapplicationscontainingthediferentcomponenttypes.Thedeveloperspecifescomponentsusingamanifestfle(alsousedtodefnepolicyasdescribedlater).Therearenorestrictionsonthenumberofcomponentsanapplicationdefnesforeachtype,butasaconvention,onecomponenthasthesamenameastheapplication.Frequently,thisisanactivity,asintheFriendViewerapplication.Thisactivityusuallyindicatestheprimaryactivitythatthesystemapplicationlauncherusestostarttheuserinterface;however,thespecifcactivitycho-senonlaunchismarkedbymetainformationinthemanifest.IntheFriendTrackerapplication,forexample,theFriendTrackerControlactivityismarkedasthemainuserinterfaceentrypoint.
Inthiscase,wereservedthename“FriendTracker”fortheservicecomponentperformingthecoreapplicationlogic.TheFriendTrackerapplicationcontainseachofthefourcomponenttypes.TheFriendTrackerservicepollsanexternalservicetodiscoverfriends’locations.Inourexamplecode,wegeneratelocaFriendTrackerapplicationBootReceiverBroadcastreceiverActivityFriendTrackerFriendProviderContentproviderServiceFriendTrackercontrolFriendViewerapplicationFriendReceiverBroadcastreceiverActivityFriendTrackerActivityFriendViewerFigure1.ExampleAndroidapplication.TheFriendTrackerandFriendViewerapplicationsconsistofmultiplecomponentsofdifferenttypes,eachofwhichprovidesadifferentsetoffunctionalities.Activitiesprovideauserinterface,servicesexecutebackgroundprocessing,contentprovidersaredatastoragefacilities,andbroadcastreceiversactasmailboxesformessagesfromotherapplications.tionsrandomly,butextendingthecomponenttointerfacewithaWebserviceisstraightforward.TheFriendProvidercontentprovidermaintainsthemostrecentgeographiccoordinatesforfriends,theFriendTrackerControlactivitydefnesauserinterfaceforstartingandstoppingthetrackingfunctionality,andtheBootReceiverbroadcastreceiverobtainsanotifcationfromthesystemonceitboots(theapplicationusesthistoutomaticallystarttheFriendTrackerservice).TheFriendViewerapplicationbisprimarilyconcernedwithshowinginformationaboutfriends’locations.TheFriendVieweractivitylistsallfriendsandtheirgeographiccoordinates,andtheFriendMapactivitydisplaysthemonamap.TheFriendReceiverbroadcastreceiverwaitsformessagesthatindicatethephysicalphoneisnearaparticularfriendanddisplaysamessagetotheuseruponsuchanevent.AlthoughwecouldhaveplacedthesecomponentswithintheFriendTrackerapplication,wecreatedaseparateapplicationtodemonstratecross-applicationcommunication.dditionally,byseparatingthetrackinganduserinterfacelogic,wecancreatealternativeuserinterfaceswithdifferentdisplaysandfeatures—thatis,manyapplicationscanreusethelogicperformedinFriendTracker.ComponentInteractionTheprimarymechanismforcomponentinteractionisanintent,whichissimplyamessageobjectcontainingadestinationcomponentaddressanddata.
TheAndroidAPIdefnesmethodsthatacceptintents,andusesthatinformationtostartactivitie